treewide: nixfmt

WilliButz 2025-02-02 14:16:38 +01:00
parent d653af66b3
commit dbfc2207df
No known key found for this signature in database
GPG key ID: AB05DF703EB9DC70
14 changed files with 688 additions and 564 deletions


@ -1,7 +1,8 @@
{ authentik-src {
, authentik-version authentik-src,
, buildNapalmPackage authentik-version,
, nodejs_22 buildNapalmPackage,
nodejs_22,
}: }:
buildNapalmPackage "${authentik-src}/website" { buildNapalmPackage "${authentik-src}/website" {
@ -52,8 +53,7 @@ buildNapalmPackage "${authentik-src}/website" {
let let
files = builtins.readDir ./docs-extra-package-locks; files = builtins.readDir ./docs-extra-package-locks;
in in
builtins.concatMap (f: builtins.concatMap (
if files.${f} == "regular" f: if files.${f} == "regular" then [ (./docs-extra-package-locks + "/${f}") ] else [ ]
then [ (./docs-extra-package-locks + "/${f}") ] else []
) (builtins.attrNames files); ) (builtins.attrNames files);
} }


@ -1,8 +1,9 @@
{ authentik-src {
, authentik-version authentik-src,
, authentikComponents authentik-version,
, buildNapalmPackage authentikComponents,
, nodejs_22 buildNapalmPackage,
nodejs_22,
}: }:
buildNapalmPackage "${authentik-src}/web" rec { buildNapalmPackage "${authentik-src}/web" rec {
version = authentik-version; # 0.0.0 specified upstream in package.json version = authentik-version; # 0.0.0 specified upstream in package.json


@ -1,9 +1,10 @@
{ authentik-src {
, authentik-version authentik-src,
, authentikComponents authentik-version,
, buildGo123Module authentikComponents,
, lib buildGo123Module,
, makeWrapper lib,
makeWrapper,
}: }:
buildGo123Module { buildGo123Module {
@ -16,15 +17,15 @@ buildGo123Module {
''; '';
src = lib.cleanSourceWith { src = lib.cleanSourceWith {
src = authentik-src; src = authentik-src;
filter = (path: _: filter = (
path: _:
(builtins.any (x: x) ( (builtins.any (x: x) (
(map (infix: lib.hasInfix infix path) [ (map (infix: lib.hasInfix infix path) [
"/authentik" "/authentik"
"/cmd" "/cmd"
"/internal" "/internal"
]) ])
++ ++ (map (suffix: lib.hasSuffix suffix path) [
(map (suffix: lib.hasSuffix suffix path) [
"/web" "/web"
"/web/static.go" "/web/static.go"
"/web/robots.txt" "/web/robots.txt"


@ -1,12 +1,15 @@
{ authentik-src {
, authentikComponents authentik-src,
, makeWrapper authentikComponents,
, runCommandLocal makeWrapper,
runCommandLocal,
}: }:
runCommandLocal "authentik-manage" { runCommandLocal "authentik-manage"
{
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
} '' }
''
mkdir -vp $out/bin mkdir -vp $out/bin
cp -v ${authentik-src}/manage.py $out/bin/manage.py cp -v ${authentik-src}/manage.py $out/bin/manage.py


@ -1,12 +1,15 @@
{ authentik-src {
, authentikComponents authentik-src,
, makeWrapper authentikComponents,
, runCommandLocal makeWrapper,
runCommandLocal,
}: }:
runCommandLocal "authentik-migrate.py" { runCommandLocal "authentik-migrate.py"
{
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
} '' }
''
mkdir -vp $out/bin mkdir -vp $out/bin
cp ${authentik-src}/lifecycle/migrate.py $out/bin/migrate.py cp ${authentik-src}/lifecycle/migrate.py $out/bin/migrate.py
chmod +w $out/bin/migrate.py chmod +w $out/bin/migrate.py


@ -1,9 +1,10 @@
{ authentik-src {
, authentikPoetryOverrides authentik-src,
, defaultPoetryOverrides authentikPoetryOverrides,
, lib defaultPoetryOverrides,
, mkPoetryEnv lib,
, python312 mkPoetryEnv,
python312,
}: }:
mkPoetryEnv { mkPoetryEnv {
@ -16,9 +17,9 @@ mkPoetryEnv {
checkGroups = [ ]; checkGroups = [ ];
# workaround to remove dev-dependencies for the current combination of legacy # workaround to remove dev-dependencies for the current combination of legacy
# used by authentik and poetry2nix's behavior # used by authentik and poetry2nix's behavior
pyproject = builtins.toFile "patched-pyproject.toml" (lib.replaceStrings pyproject = builtins.toFile "patched-pyproject.toml" (
["tool.poetry.dev-dependencies"] lib.replaceStrings [ "tool.poetry.dev-dependencies" ] [ "tool.poetry.group.dev.dependencies" ] (
["tool.poetry.group.dev.dependencies"] builtins.readFile "${authentik-src}/pyproject.toml"
(builtins.readFile "${authentik-src}/pyproject.toml") )
); );
} }


@ -1,7 +1,8 @@
{ authentik-src {
, authentikComponents authentik-src,
, linkFarm authentikComponents,
, applyPatches linkFarm,
applyPatches,
}: }:
let let
patched-src = applyPatches { patched-src = applyPatches {
@ -14,11 +15,32 @@ let
}; };
in in
linkFarm "authentik-static-workdir-deps" [ linkFarm "authentik-static-workdir-deps" [
{ name = "authentik"; path = "${patched-src}/authentik"; } {
{ name = "locale"; path = "${authentik-src}/locale"; } name = "authentik";
{ name = "blueprints"; path = "${authentik-src}/blueprints"; } path = "${patched-src}/authentik";
{ name = "internal"; path = "${authentik-src}/internal"; } }
{ name = "lifecycle"; path = "${patched-src}/lifecycle"; } {
{ name = "schemas"; path = "${authentik-src}/schemas"; } name = "locale";
{ name = "web"; path = authentikComponents.frontend; } path = "${authentik-src}/locale";
}
{
name = "blueprints";
path = "${authentik-src}/blueprints";
}
{
name = "internal";
path = "${authentik-src}/internal";
}
{
name = "lifecycle";
path = "${patched-src}/lifecycle";
}
{
name = "schemas";
path = "${authentik-src}/schemas";
}
{
name = "web";
path = authentikComponents.frontend;
}
] ]


@ -1,10 +1,9 @@
(import (import (
( let
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball { fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash; sha256 = lock.nodes.flake-compat.locked.narHash;
} }
) ) { src = ./.; }).defaultNix
{ src = ./.; }
).defaultNix


@ -30,13 +30,15 @@
flake-utils.follows = "flake-utils"; flake-utils.follows = "flake-utils";
}; };
}; };
authentik-src = { # change version string in outputs as well when updating authentik-src = {
# change version string in outputs as well when updating
url = "github:goauthentik/authentik/version/2024.12.3"; url = "github:goauthentik/authentik/version/2024.12.3";
flake = false; flake = false;
}; };
}; };
outputs = inputs@{ outputs =
inputs@{
self, self,
nixpkgs, nixpkgs,
flake-parts, flake-parts,
@ -46,20 +48,41 @@
... ...
}: }:
flake-parts.lib.mkFlake flake-parts.lib.mkFlake { inherit inputs; } (
{ inherit inputs; } {
({ inputs, lib, withSystem, ... }: inputs,
lib,
withSystem,
...
}:
let let
authentik-version = "2024.12.3"; # to pass to the drvs of some components authentik-version = "2024.12.3"; # to pass to the drvs of some components
in { in
{
systems = import inputs.systems; systems = import inputs.systems;
flake = { self, ... }: { flake =
nixosModules.default = { pkgs, ... }: { { self, ... }:
{
nixosModules.default =
{ pkgs, ... }:
{
imports = [ ./module.nix ]; imports = [ ./module.nix ];
services.authentik.authentikComponents = pkgs.lib.mkDefault (withSystem pkgs.stdenv.hostPlatform.system ( services.authentik.authentikComponents = pkgs.lib.mkDefault (
withSystem pkgs.stdenv.hostPlatform.system (
{ config, ... }: { config, ... }:
{ inherit (config.packages) manage staticWorkdirDeps migrate pythonEnv frontend gopkgs docs; } {
)); inherit (config.packages)
manage
staticWorkdirDeps
migrate
pythonEnv
frontend
gopkgs
docs
;
}
)
);
}; };
# returns a scope which includes the attrset `authentikComponents` # returns a scope which includes the attrset `authentikComponents`
@ -68,22 +91,42 @@
# create a new scope with patched versions of individual authentik components # create a new scope with patched versions of individual authentik components
# #
# see ./tests/override-scope.nix for a usage example # see ./tests/override-scope.nix for a usage example
lib.mkAuthentikScope = let authentik-version' = authentik-version; in { lib.mkAuthentikScope =
let
authentik-version' = authentik-version;
in
{
pkgs, pkgs,
system ? pkgs.stdenv.hostPlatform.system, system ? pkgs.stdenv.hostPlatform.system,
authentik-version ? authentik-version', authentik-version ? authentik-version',
mkPoetryEnv ? (import inputs.poetry2nix { inherit pkgs; }).mkPoetryEnv, mkPoetryEnv ? (import inputs.poetry2nix { inherit pkgs; }).mkPoetryEnv,
defaultPoetryOverrides ? (import inputs.poetry2nix { inherit pkgs; }).defaultPoetryOverrides, defaultPoetryOverrides ? (import inputs.poetry2nix { inherit pkgs; }).defaultPoetryOverrides,
authentikPoetryOverrides ? import ./poetry2nix-python-overrides.nix pkgs, authentikPoetryOverrides ? import ./poetry2nix-python-overrides.nix pkgs,
buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage,
}: }:
import ./components { import ./components {
inherit pkgs authentik-src authentik-version mkPoetryEnv defaultPoetryOverrides authentikPoetryOverrides buildNapalmPackage; inherit
pkgs
authentik-src
authentik-version
mkPoetryEnv
defaultPoetryOverrides
authentikPoetryOverrides
buildNapalmPackage
;
}; };
}; };
perSystem = { pkgs, system, self', ... }: let perSystem =
{
pkgs,
system,
self',
...
}:
let
inherit (self.lib.mkAuthentikScope { inherit pkgs; }) authentikComponents; inherit (self.lib.mkAuthentikScope { inherit pkgs; }) authentikComponents;
in { in
{
packages = { packages = {
inherit (authentikComponents) inherit (authentikComponents)
docs docs
@ -92,7 +135,8 @@
gopkgs gopkgs
staticWorkdirDeps staticWorkdirDeps
migrate migrate
manage; manage
;
terraform-provider-authentik = inputs.nixpkgs.legacyPackages.${system}.buildGo123Module rec { terraform-provider-authentik = inputs.nixpkgs.legacyPackages.${system}.buildGo123Module rec {
pname = "terraform-provider-authentik"; pname = "terraform-provider-authentik";
@ -115,16 +159,21 @@
}; };
checks = { checks = {
default = self.checks.${system}.vmtest; default = self.checks.${system}.vmtest;
vmtest = (import tests/minimal-vmtest.nix { vmtest = (
import tests/minimal-vmtest.nix {
inherit pkgs authentik-version; inherit pkgs authentik-version;
inherit (self) nixosModules; inherit (self) nixosModules;
}); }
override-scope = (import tests/override-scope.nix { );
override-scope = (
import tests/override-scope.nix {
inherit pkgs authentik-version; inherit pkgs authentik-version;
inherit (self) nixosModules; inherit (self) nixosModules;
inherit (self.lib) mkAuthentikScope; inherit (self.lib) mkAuthentikScope;
}); }
}; );
}; };
}); };
}
);
} }


@ -1,39 +1,47 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
let let
inherit (lib) inherit (lib)
types; types
;
inherit (lib.attrsets) inherit (lib.attrsets)
attrNames attrNames
getAttrs getAttrs
mapAttrsToList; mapAttrsToList
;
inherit (lib.lists) inherit (lib.lists)
flatten flatten
toList; toList
;
inherit (lib.modules) inherit (lib.modules)
mkDefault mkDefault
mkIf mkIf
mkMerge mkMerge
mkOverride; mkOverride
;
inherit (lib.options) inherit (lib.options)
mkEnableOption mkEnableOption
mkOption; mkOption
;
inherit (lib.strings) inherit (lib.strings)
concatStringsSep concatStringsSep
optionalString optionalString
versionOlder; versionOlder
;
inherit (lib.trivial) inherit (lib.trivial)
boolToString boolToString
isBool; isBool
;
settingsFormat = pkgs.formats.yaml { }; settingsFormat = pkgs.formats.yaml { };
in in
@ -141,7 +149,8 @@ in
config = mkMerge [ config = mkMerge [
# authentik server # authentik server
(mkIf config.services.authentik.enable (let (mkIf config.services.authentik.enable (
let
cfg = config.services.authentik; cfg = config.services.authentik;
# https://goauthentik.io/docs/installation/docker-compose#startup # https://goauthentik.io/docs/installation/docker-compose#startup
@ -153,18 +162,21 @@ in
User = "authentik"; User = "authentik";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
}; };
akOptions = flatten (mapAttrsToList akOptions = flatten (
mapAttrsToList
# Map defaults for each authentik service (listed above) to command line parameters for # Map defaults for each authentik service (listed above) to command line parameters for
# `systemd-run(1)` in order to spin up an environment with correct (dynamic) user, # `systemd-run(1)` in order to spin up an environment with correct (dynamic) user,
# state directory and environment to run `ak` inside. # state directory and environment to run `ak` inside.
(k: vs: map (k: vs: map (v: "--property ${k}=${if isBool v then boolToString v else toString v}") (toList vs))
(v: "--property ${k}=${if isBool v then boolToString v else toString v}")
(toList vs))
# Read serviceDefaults from `authentik.service`. That way, module system primitives (mk*) # Read serviceDefaults from `authentik.service`. That way, module system primitives (mk*)
# can be used inside `serviceDefaults` and it doesn't need to be evaluated here again. # can be used inside `serviceDefaults` and it doesn't need to be evaluated here again.
(getAttrs (attrNames serviceDefaults) config.systemd.services.authentik.serviceConfig // { (
getAttrs (attrNames serviceDefaults) config.systemd.services.authentik.serviceConfig
// {
StateDirectory = "authentik"; StateDirectory = "authentik";
})); }
)
);
in in
{ {
services = { services = {
@ -193,7 +205,10 @@ in
enable = true; enable = true;
ensureDatabases = [ "authentik" ]; ensureDatabases = [ "authentik" ];
ensureUsers = [ ensureUsers = [
{ name = "authentik"; ensureDBOwnership = true; } {
name = "authentik";
ensureDBOwnership = true;
}
]; ];
}; };
}; };
@ -207,7 +222,8 @@ in
'') '')
]; ];
environment.etc."authentik/config.yml".source = settingsFormat.generate "authentik.yml" cfg.settings; environment.etc."authentik/config.yml".source =
settingsFormat.generate "authentik.yml" cfg.settings;
systemd.services = { systemd.services = {
authentik-migrate = { authentik-migrate = {
@ -218,7 +234,9 @@ in
before = [ "authentik.service" ]; before = [ "authentik.service" ];
restartTriggers = [ config.environment.etc."authentik/config.yml".source ]; restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
environment.TZ = tz; environment.TZ = tz;
serviceConfig = mkMerge [ serviceDefaults { serviceConfig = mkMerge [
serviceDefaults
{
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
RuntimeDirectory = "authentik-migrate"; RuntimeDirectory = "authentik-migrate";
@ -231,7 +249,8 @@ in
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1s"; RestartSec = "1s";
inherit (config.systemd.services.authentik.serviceConfig) StateDirectory; inherit (config.systemd.services.authentik.serviceConfig) StateDirectory;
} ]; }
];
}; };
authentik-worker = { authentik-worker = {
requiredBy = [ "authentik.service" ]; requiredBy = [ "authentik.service" ];
@ -243,7 +262,9 @@ in
ln -svf ${config.services.authentik.authentikComponents.staticWorkdirDeps}/* /run/authentik/ ln -svf ${config.services.authentik.authentikComponents.staticWorkdirDeps}/* /run/authentik/
''; '';
environment.TZ = tz; environment.TZ = tz;
serviceConfig = mkMerge [ serviceDefaults { serviceConfig = mkMerge [
serviceDefaults
{
RuntimeDirectory = "authentik"; RuntimeDirectory = "authentik";
WorkingDirectory = "%t/authentik"; WorkingDirectory = "%t/authentik";
ExecStart = "${cfg.authentikComponents.manage}/bin/manage.py worker"; ExecStart = "${cfg.authentikComponents.manage}/bin/manage.py worker";
@ -255,7 +276,8 @@ in
]; ];
# needs access to $StateDirectory/media/public # needs access to $StateDirectory/media/public
inherit (config.systemd.services.authentik.serviceConfig) StateDirectory; inherit (config.systemd.services.authentik.serviceConfig) StateDirectory;
} ]; }
];
}; };
authentik = { authentik = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -272,7 +294,9 @@ in
''} ''}
''; '';
environment.TZ = tz; environment.TZ = tz;
serviceConfig = mkMerge [ serviceDefaults { serviceConfig = mkMerge [
serviceDefaults
{
StateDirectory = "authentik"; StateDirectory = "authentik";
UMask = "0027"; UMask = "0027";
# TODO /run might be sufficient # TODO /run might be sufficient
@ -280,7 +304,8 @@ in
ExecStart = "${cfg.authentikComponents.gopkgs}/bin/server"; ExecStart = "${cfg.authentikComponents.gopkgs}/bin/server";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1s"; RestartSec = "1s";
} ]; }
];
}; };
}; };
@ -297,10 +322,12 @@ in
}; };
}; };
}; };
})) }
))
# LDAP outpost # LDAP outpost
(mkIf config.services.authentik-ldap.enable (let (mkIf config.services.authentik-ldap.enable (
let
cfg = config.services.authentik-ldap; cfg = config.services.authentik-ldap;
in in
{ {
@ -321,10 +348,12 @@ in
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
})) }
))
# RADIUS outpost # RADIUS outpost
(mkIf config.services.authentik-radius.enable (let (mkIf config.services.authentik-radius.enable (
let
cfg = config.services.authentik-radius; cfg = config.services.authentik-radius;
in in
{ {
@ -345,7 +374,8 @@ in
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
})) }
))
# This is an attempt to solve a rather ugly problem that was # This is an attempt to solve a rather ugly problem that was
# caused by previously setting a default for the option # caused by previously setting a default for the option


@ -1,23 +1,35 @@
pkgs: pkgs: [
[
# modules missing only setuptools # modules missing only setuptools
(final: prev: (
(builtins.listToAttrs (map (name: { final: prev:
(builtins.listToAttrs (
map
(name: {
inherit name; inherit name;
value = prev.${name}.overrideAttrs (oA: { value = prev.${name}.overrideAttrs (oA: {
nativeBuildInputs = (oA.nativeBuildInputs or [ ]) ++ [ final.setuptools ]; nativeBuildInputs = (oA.nativeBuildInputs or [ ]) ++ [ final.setuptools ];
}); });
}) [ })
[
"django-cte" "django-cte"
"django-tenants" "django-tenants"
"dumb-init" "dumb-init"
"drf-orjson-renderer" "drf-orjson-renderer"
])) ]
))
) )
(final: prev: { (final: prev: {
xmlsec = prev.xmlsec.overridePythonAttrs (oA: { xmlsec = prev.xmlsec.overridePythonAttrs (oA: {
nativeBuildInputs = oA.nativeBuildInputs ++ [ final.setuptools final.pkgconfig ]; nativeBuildInputs = oA.nativeBuildInputs ++ [
buildInputs = [ pkgs.xmlsec.dev pkgs.xmlsec pkgs.libxml2 pkgs.libtool ]; final.setuptools
final.pkgconfig
];
buildInputs = [
pkgs.xmlsec.dev
pkgs.xmlsec
pkgs.libxml2
pkgs.libtool
];
env.NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types"; env.NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types";
}); });
opencontainers = prev.opencontainers.overrideAttrs (oA: { opencontainers = prev.opencontainers.overrideAttrs (oA: {
@ -153,6 +165,5 @@ pkgs:
ua-parser-builtins = prev.ua-parser-builtins.overridePythonAttrs (oA: { ua-parser-builtins = prev.ua-parser-builtins.overridePythonAttrs (oA: {
propagatedBuildInputs = builtins.filter (p: p.pname != "ua-parser") oA.propagatedBuildInputs; propagatedBuildInputs = builtins.filter (p: p.pname != "ua-parser") oA.propagatedBuildInputs;
}); });
} })
)
] ]


@ -1,10 +1,9 @@
(import (import (
( let
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball { fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash; sha256 = lock.nodes.flake-compat.locked.narHash;
} }
) ) { src = ./.; }).shellNix
{ src = ./.; }
).shellNix


@ -1,6 +1,7 @@
{ pkgs {
, authentik-version pkgs,
, nixosModules authentik-version,
nixosModules,
}: }:
let let
# use a root-owned EnvironmentFile in production instead (services.authentik.environmentFile) # use a root-owned EnvironmentFile in production instead (services.authentik.environmentFile)


@ -1,19 +1,20 @@
{ pkgs {
, authentik-version pkgs,
, nixosModules authentik-version,
, mkAuthentikScope nixosModules,
mkAuthentikScope,
}: }:
/* /*
* This is just meant as a demonstration on how to override the scope which includes the This is just meant as a demonstration on how to override the scope which includes the
* authentik components. This is an extended version of ./minimal-vmtest.nix authentik components. This is an extended version of ./minimal-vmtest.nix
*
* First, a new scope is created from the default one using `overrideScope` on the result First, a new scope is created from the default one using `overrideScope` on the result
* from `mkAuthentikScope`. from `mkAuthentikScope`.
* Components with overrides in that scope are used by their dependents, i.e. dependents Components with overrides in that scope are used by their dependents, i.e. dependents
* of `pythonEnv` (e.g. gopkgs) also pull in that overridden `pythonEnv` of `pythonEnv` (e.g. gopkgs) also pull in that overridden `pythonEnv`
* Then, that scope is passed to the module via the `services.authentik.authentikComponents` option Then, that scope is passed to the module via the `services.authentik.authentikComponents` option
* And finally, the test script checks if the patched welcome string is present. And finally, the test script checks if the patched welcome string is present.
*/ */
let let
@ -26,14 +27,16 @@ let
# creates a new scope using python 3.12 for mkPoetryEnv # creates a new scope using python 3.12 for mkPoetryEnv
# and overrides the welcome string for the default oobe intial-setup flow # and overrides the welcome string for the default oobe intial-setup flow
customScope = (mkAuthentikScope { inherit pkgs; }).overrideScope customScope = (mkAuthentikScope { inherit pkgs; }).overrideScope (
(final: prev: { final: prev: {
authentikComponents = prev.authentikComponents // { authentikComponents = prev.authentikComponents // {
pythonEnv = prev.authentikComponents.pythonEnv.overrideAttrs (_: { pythonEnv = prev.authentikComponents.pythonEnv.overrideAttrs (_: {
python = pkgs.python312; python = pkgs.python312;
}); });
staticWorkdirDeps = prev.authentikComponents.staticWorkdirDeps.overrideAttrs (oA: { staticWorkdirDeps = prev.authentikComponents.staticWorkdirDeps.overrideAttrs (oA: {
buildCommand = oA.buildCommand + '' buildCommand =
oA.buildCommand
+ ''
rm -v $out/blueprints rm -v $out/blueprints
cp -vr ${prev.authentik-src}/blueprints $out/blueprints cp -vr ${prev.authentik-src}/blueprints $out/blueprints
substituteInPlace $out/blueprints/default/flow-oobe.yaml \ substituteInPlace $out/blueprints/default/flow-oobe.yaml \
@ -41,7 +44,8 @@ let
''; '';
}); });
}; };
}); }
);
in in
pkgs.nixosTest { pkgs.nixosTest {
name = "authentik"; name = "authentik";